Solved

ISA replacement

Posted on 2014-10-29
Last Modified: 2014-11-13
Does anyone have a recommendation for a replacement of MS ISA server? Need reverse proxy functionality. Cheers
Question by:bozo1701

Assisted Solution

by:Jian An Lim
Jian An Lim earned 125 total points
ID: 40412723
Depends on your size.
TMG is the last version of the reverse proxy for the Microsoft suite, and they are not going to develop their product further.

Outside Microsoft you have plenty of choices, depending on the size of your company.
You can choose software or an appliance.

For example, but not limited to:

Blue Coat

https://www.bluecoat.com/products/web-application-reverse-proxy

Squid
http://wiki.squid-cache.org/SquidFaq/ReverseProxy

Accepted Solution

by:
btan earned 250 total points
ID: 40412766
You can actually check on application delivery controllers such as F5 Networks and Citrix. The MS direct replacement is TMG/UAG, but TMG is going end of life in 2020, and there are features that will not be supported, as
...there are some features that will suffer from degraded functionality beginning in 2016. Microsoft has announced that it will cease to support the URL Reputation Services (URS) that TMG relies on for web site categorization on December 31, 2015. Also, Microsoft will no longer produce anti-malware and Network Inspection System (NIS) signature updates past this date (although they will continue to function, albeit with outdated signature files).
Having said that, there is another provider supporting TMG, though, such as Celestix MSA. http://www.celestix.com/best-forefront-tmg-2010-replacement-forefront-tmg-2010/

Forefront UAG can be used to publish internal servers via a Web portal or directly (similar to Forefront TMG). For website and VPN replacement use Direct Access, but do note that Direct Access is not a replacement for VPN in a few scenarios, e.g. VPN for external workers who shouldn't access all services as the company's workers do. Of course we can implement several Direct Access implementations in one company, but external workers are forced to have desktops in the company's domain.

F5 Networks
http://www.f5.com/pdf/white-papers/microsoft-threat-management-gateway-alternatives-white-paper.pdf

NetScaler
http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/netscaler-a-comprehensive-replacement-for-microsoft-forefront-threat-management-gateway.pdf

Also of interest, a comparison of Forefront UAG with TMG: http://www.isaserver.org/articles-tutorials/general/Should-replace-TMG-firewalls-with-UAG.html
To see the key differences between TMG and UAG, take a brief look at a few remote access features and how they differ (or don’t):

Application Intelligence and Publishing (UAG is better than TMG in most areas)
End Point Security (UAG is better than TMG in most areas)
SSL Tunneling (UAG is better than TMG in most areas)
Information Leakage Prevention (UAG is better than TMG in most areas)
Robust Authentication Support (KCD, ADFS, OTP) (UAG is more flexible)
Windows Server 2008, Native 64-Bit (same for both)
Product Certification (Common Criteria) (same for both)
NAP Integration (same for both)
Terminal Services Gateway Integration (easier to set up with UAG)
Web Farm Load Balancing (easier to set up with TMG)
Array Management (TMG more robust)
Enhanced Management and Monitoring (MOM Pack) (same for both)
Enhanced Mobile Solutions (UAG is better in most scenarios)
New and Customizable User Portal (N/A for TMG)
Wizard Driven Configuration (same for both)

Assisted Solution

by:btan
btan earned 250 total points
ID: 40412822
There is also Sophos UTM as a TMG replacement from a UTM perspective, if it is a single proxy, and it may be optimal from a management perspective, but the roles and access control have to be thought through to ensure least privilege for such a setup in one box.

http://www.isaserver.org/articles-tutorials/general/life-after-tmg-considering-sophos-utm-tmg-replacement-part1.html

One of the things that people really like about TMG is its application layer filtering, which allows you to control specific applications. Sophos UTM provides excellent visibility into the applications that are being used on your network and allows you to control access to them. You monitor Internet connections that are going through the firewall and you can see what’s happening as it happens, and set policies based on what you observe. You can also perform bandwidth shaping to give priority to certain business-critical applications.

Assisted Solution

by:noci
noci earned 125 total points
ID: 40412834
You can also build up a plain Unix/Linux box and use NGINX as a reverse proxy.
That would be the closest I can think of to getting to an ISA, including support for WebSockets etc.
Squid will miss out on that kind of processing.

Author Closing Comment

by:bozo1701
ID: 40440901
Thanks all for your suggestions. They are all potential replacements, it seems. Looks like we will go with the F5 solution - expensive but solid.